Deciphering the human threat

While you are securing your organisation security perimeter, insiders can cause serious damage and loss.

Countering technological threats is not just a technical challenge; it is also a human challenge. In fact, a recent Ponemon Institute survey indicated that malicious insiders pose the greatest cyber risk to organisations today. However, there are individuals who unknowingly expose their organisations to threats, as many do not seem to understand the risks inherent in using the Internet.

IBM’s Cyber Security Intelligence Index states that 95 percent of all security incidents involve human error. While many of these are successful security attacks from external attackers who prey on human weaknesses, there also exist careless risk practices in which employees indulge, some of them as identified by Ponemon Institute survey are:-

• Connecting computers to insecure wireless networks
• Not deleting information on computer when no longer necessary
• Using personally owned mobile devices that connect to the organisation’s network
• Working on laptop when travelling, having access to sensitive information and not using a privacy screen
• Reusing the same password and username on different websites
• Leaving computers unattended when outside the workplace

Additionally, many of the external attacks involve social engineering techniques to lure targeted individuals into making mistakes. According to Verizon’s “2013 Data Breach Investigations Report,” 95 percent of advanced and targeted attacks involved phishing scams with emails containing malicious attachments that can cause malware to be downloaded onto the user’s computing device. This gives attackers access into the organisation from which they can move laterally in search of valuable information. In conjunction, there has been an increase in alternate attacker tactics, such as hacking of legitimate websites that users trust.

As a result, technology is not the only area of concern; errors are being made purely by users themselves. Unfortunately, most organisations lay emphasis on technology security measures to safeguard their confidential information and forget the “people” part of the equation. In order to refrain from errors made through social engineering, and to raise awareness about the vulnerability caused by negligent and careless employee behaviour, technology and processes must be combined with employee education. Moreover, organisations can take certain information prevention measures, such as:-

• Encrypting laptop hard drives
• Restricting the devices that are able to access the corporate network
• Instituting a mandatory routine for changing passwords

Further, cyber security awareness training sessions constantly help in educating employees about identifying suspicious communications, new possible risks, acceptable and unacceptable behavior.  An audit of both the IT and non-IT measures is a must to prevent an insider threat.

However, there remains a lingering question: how can one effectively identify an insider threat?